/* * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <krb5_locl.h> #include <gssapi.h> #include <assert.h> #include "cfx.h" #include "arcfour.h" #include "spnego_asn1.h" /* * */ struct gss_msg_order; typedef struct gss_ctx_id_t_desc_struct { struct krb5_auth_context_data *auth_context; gss_name_t source, target; enum gss_ctx_id_t_state { INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3, ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13 } state; OM_uint32 flags; enum {LOCAL = 1, OPEN = 2, COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8, ACCEPTOR_SUBKEY = 16 } more_flags; struct krb5_ticket *ticket; krb5_keyblock *service_keyblock; krb5_data fwd_data; OM_uint32 lifetime; HEIMDAL_MUTEX ctx_id_mutex; struct gss_msg_order *order; } gss_ctx_id_t_desc; typedef struct gss_cred_id_t_desc_struct { gss_name_t principal; int cred_flags; #define GSS_CF_DESTROY_CRED_ON_RELEASE 1 struct krb5_keytab_data *keytab; OM_uint32 lifetime; gss_cred_usage_t usage; gss_OID_set mechanisms; struct krb5_ccache_data *ccache; HEIMDAL_MUTEX cred_id_mutex; } gss_cred_id_t_desc; /* * */ extern krb5_context gssapi_krb5_context; extern krb5_keytab gssapi_krb5_keytab; extern HEIMDAL_MUTEX gssapi_keytab_mutex; struct gssapi_thr_context { HEIMDAL_MUTEX mutex; char *error_string; }; /* * Prototypes */ krb5_error_code gssapi_krb5_init (void); krb5_error_code gssapi_krb5_init_ev (void *); #define GSSAPI_KRB5_INIT() do { \ krb5_error_code kret_gss_init; \ if((kret_gss_init = gssapi_krb5_init ()) != 0) { \ *minor_status = kret_gss_init; \ return GSS_S_FAILURE; \ } \ } while (0) struct gssapi_thr_context * gssapi_get_thread_context(int); OM_uint32 _gsskrb5_create_ctx( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, const gss_channel_bindings_t input_chan_bindings, enum gss_ctx_id_t_state state); void gsskrb5_is_cfx(gss_ctx_id_t, int *); OM_uint32 gssapi_krb5_create_8003_checksum ( OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, OM_uint32 flags, const krb5_data *fwd_data, Checksum *result); OM_uint32 gssapi_krb5_verify_8003_checksum ( OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, const Checksum *cksum, OM_uint32 *flags, krb5_data *fwd_data); void _gssapi_encap_length (size_t data_len, size_t *len, size_t *total_len, const gss_OID mech); void gssapi_krb5_encap_length (size_t data_len, size_t *len, size_t *total_len, const gss_OID mech); OM_uint32 _gssapi_encapsulate(OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, const gss_OID mech); OM_uint32 gssapi_krb5_encapsulate(OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, const u_char *type, const gss_OID mech); OM_uint32 gssapi_krb5_decapsulate(OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, const char *type, gss_OID oid); u_char * gssapi_krb5_make_header (u_char *p, size_t len, const u_char *type, const gss_OID mech); u_char * _gssapi_make_mech_header(u_char *p, size_t len, const gss_OID mech); OM_uint32 _gssapi_verify_mech_header(u_char **str, size_t total_len, gss_OID oid); OM_uint32 gssapi_krb5_verify_header(u_char **str, size_t total_len, const u_char *type, gss_OID oid); OM_uint32 _gssapi_decapsulate(OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, const gss_OID mech); ssize_t gssapi_krb5_get_mech (const u_char *, size_t, const u_char **); OM_uint32 _gssapi_verify_pad(gss_buffer_t, size_t, size_t *); OM_uint32 gss_verify_mic_internal(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, char * type); OM_uint32 gss_krb5_get_subkey(const gss_ctx_id_t context_handle, krb5_keyblock **key); krb5_error_code gss_address_to_krb5addr(OM_uint32 gss_addr_type, gss_buffer_desc *gss_addr, int16_t port, krb5_address *address); /* sec_context flags */ #define SC_LOCAL_ADDRESS 0x01 #define SC_REMOTE_ADDRESS 0x02 #define SC_KEYBLOCK 0x04 #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 int gss_oid_equal(const gss_OID a, const gss_OID b); void gssapi_krb5_clear_status (void); void gssapi_krb5_set_status (const char *fmt, ...); void gssapi_krb5_set_error_string (void); char * gssapi_krb5_get_error_string (void); OM_uint32 _gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t); OM_uint32 _gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *); krb5_error_code _gss_check_compat(OM_uint32 *, gss_name_t, const char *, krb5_boolean *, krb5_boolean); OM_uint32 gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *); OM_uint32 _gssapi_krb5_ccache_lifetime(OM_uint32 *, krb5_ccache, krb5_principal, OM_uint32 *); /* sequence */ OM_uint32 _gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **, OM_uint32, OM_uint32, OM_uint32, int); OM_uint32 _gssapi_msg_order_destroy(struct gss_msg_order **); OM_uint32 _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32); OM_uint32 _gssapi_msg_order_f(OM_uint32); /* 8003 */ krb5_error_code gssapi_encode_om_uint32(OM_uint32, u_char *); krb5_error_code gssapi_encode_be_om_uint32(OM_uint32, u_char *); krb5_error_code gssapi_decode_om_uint32(u_char *, OM_uint32 *); krb5_error_code gssapi_decode_be_om_uint32(u_char *, OM_uint32 *); #endif